What Is Claimed Is:

1. A method that facilitates secure electronic commerce, comprising:

providing a consumer with a file of security data relating to an account
maintained by a financial institution;

creating a financial transaction between the consumer and a merchant,
wherein the financial transaction is protected using security data from the file, and
wherein the financial transaction is structured to contain an account number in a
form that is undecipherable by the merchant, thereby prevent the merchant from
knowing the account number for the account;

validating by the merchant that the financial institution identified by the
financial transaction is acceptable using security data from the file;

requesting by the merchant that the financial institution authorize the
financial transaction;

receiving by the merchant an authorization from the financial institution to
complete the financial transaction;

completing the financial transaction between the consumer and the
merchant; and

notifying the financial institution that the financial transaction is complete.

2. The method of claim 1, wherein the file of security data includes:

a consumer identifier;

a private key for encryption and authentication of data;

a first public key related to the private key for decryption and
authentication of data;

an identifier identifying the financial institution;

a second public key belonging to the financial institution;

the account number that has been encrypted with a key known only to the
financial institution creating an encrypted account number;

a first certificate signed by a recognized certificate authority that validates 
the financial institution; 

a second certificate signed by the financial institution that validates the 
consumer; and 

computer algorithms to use the file of security data. 

3. The method of claim 2, wherein the file of security data is provided 
to the consumer on a smart card. 

4. The method of claim 3, wherein protecting the financial transaction 
involves: 

creating a first hash of the financial transaction; and 

encrypting the first hash, the second certificate, and the encrypted account 
number using the second public key creating a secure envelope of transaction 
data, wherein the first hash is created at a secure site available only to the 
consumer. 

5. The method of claim 4, wherein requesting by the merchant that 
the financial institution authorize the financial transaction involves: 

creating a second hash of the financial transaction by the merchant; 
sending the secure envelope and the second hash to the financial 
institution; 

decrypting at the financial institution the secure envelope using the private 
key of the financial institution; 

comparing the first hash with the second hash; and 
if the first hash is identical to the second hash,

decrypting the encrypted account number to recover the 
account number for the account belonging to the consumer, 

verifying that the financial transaction is valid for the 
account, and 

if valid, authorizing the financial transaction. 

6. The method of claim 5, wherein verifying that the financial 
transaction is valid for the account includes: 

verifying that the second certificate was signed by the financial institution; 
determining that the account is valid; and 

ensuring that a transaction amount is not greater than an authorized 
transaction amount. 

7. The method of claim 4, wherein the secure site available only to 
the consumer is within the smart card. 

8. The method of claim 2, wherein validating by the merchant that the 
financial institution identified by the financial transaction is acceptable involves: 

receiving at the merchant the first certificate; and 

validating that the first certificate was signed by the recognized certificate 
authority. 

9. A computer-readable storage medium storing instructions that 
when executed by a computer cause the computer to perform a method that 
facilitates secure electronic commerce, comprising: 

providing a consumer with a file of security data relating to an account
maintained by a financial institution; 

creating a financial transaction between the consumer and a merchant, 
wherein the financial transaction is protected using security data from the file, and
wherein the financial transaction is structured to contain an account number in a 
form that is undecipherable by the merchant, thereby prevent the merchant from 
knowing the account number for the account; 

validating by the merchant that the financial institution identified by the 
financial transaction is acceptable using security data from the file; 

requesting by the merchant that the financial institution authorize the 
financial transaction; 

receiving by the merchant an authorization from the financial institution to 
complete the financial transaction; 

completing the financial transaction between the consumer and the 
merchant; and 

notifying the financial institution that the financial transaction is complete. 

10. The computer-readable storage medium of claim 9, wherein the file 
of security data includes: 

a consumer identifier; 

a private key for encryption and authentication of data; 

a first public key related to the private key for decryption and 
authentication of data; 

an identifier identifying the financial institution; 

a second public key belonging to the financial institution; 

the account number that has been encrypted with a key known only to the 
financial institution creating an encrypted account number; 

a first certificate signed by a recognized certificate authority that validates
the financial institution; 

a second certificate signed by the financial institution that validates the 
consumer; and 

computer algorithms to use the file of security data. 

11. The computer-readable storage medium of claim 10, wherein the
file of security data is provided to the consumer on a smart card. 

12. The computer-readable storage medium of claim 11, wherein 
protecting the financial transaction involves: 

creating a first hash of the financial transaction; and 

encrypting the first hash, the second certificate, and the encrypted account 
number using the second public key creating a secure envelope of transaction 
data, wherein the first hash is created at a secure site available only to the 
consumer. 

13. The computer-readable storage medium of claim 12, wherein 
requesting by the merchant that the financial institution authorize the financial 
transaction involves: 

creating a second hash of the financial transaction by the merchant; 
sending the secure envelope and the second hash to the financial 
institution; 

decrypting at the financial institution the secure envelope using the private 
key of the financial institution; 

comparing the first hash with the second hash; and 
if the first hash is identical to the second hash, 

decrypting the encrypted account number to recover the
account number for the account belonging to the consumer, 

verifying that the financial transaction is valid for the 
account, and 

if valid, authorizing the financial transaction. 

14. The computer-readable storage medium of claim 13, wherein
verifying that the financial transaction is valid for the account includes: 

verifying that the second certificate was signed by the financial institution; 
determining that the account is valid; and 

ensuring that a transaction amount is not greater than an authorized 
transaction amount. 

15. The computer-readable storage medium of claim 12, wherein the 
secure site available only to the consumer is within the smart card. 

16. The computer-readable storage medium of claim 10, wherein 
validating by the merchant that the financial institution identified by the financial 
transaction is acceptable involves: 

receiving at the merchant the first certificate; and 
validating that the first certificate was signed by the recognized certificate 
authority. 

17. An apparatus that facilitates secure electronic commerce,
comprising: 

a providing mechanism configured to provide a consumer with a file of 
security data relating to an account maintained by a financial institution; 

a first creating mechanism configured to create a financial transaction
between the consumer and a merchant, wherein the financial transaction is
protected using security data from the file, and wherein the financial transaction is
structured to contain an account number in a form that is undecipherable by the
merchant, thereby prevent the merchant from knowing the account number for the
account;

a first validating mechanism that is configured to validate that the financial
institution identified by the financial transaction is acceptable using security data
from the file;

a requesting mechanism that is configured to request that the financial
institution authorize the financial transaction;

a first receiving mechanism that is configured to receive an authorization
from the financial institution to complete the financial transaction;

a completing mechanism that is configured to complete the financial
transaction between the consumer and the merchant; and

a notifying mechanism that is configured to notify the financial institution
that the financial transaction is complete.

18. The apparatus of claim 17, wherein the file of security data
includes:

a consumer identifier;

a private key for encryption and authentication of data;

a first public key related to the private key for decryption and
authentication of data;

an identifier identifying the financial institution;

a second public key belonging to the financial institution;

the account number that has been encrypted with a key known only to the
financial institution creating an encrypted account number;

a first certificate signed by a recognized certificate authority that validates 
the financial institution; 

a second certificate signed by the financial institution that validates the 
consumer; and 

computer algorithms to use the file of security data. 

19. The apparatus of claim 18, wherein the file of security data is
provided to the consumer on a smart card. 

20. The apparatus of claim 19, further comprising: 

a second creating mechanism that is configured to create a first hash of the 
financial transaction; and 

an encrypting mechanism that is configured to encrypt the first hash, the 
second certificate, and the encrypted account number using the second public key 
creating a secure envelope of transaction data, wherein the first hash is created at a 
secure site available only to the consumer. 

21. The apparatus of claim 20, further comprising:

a creating mechanism that is configured to create a second hash of the 
financial transaction by the merchant; 

a sending mechanism that is configured to send the secure envelope and 
the second hash to the financial institution; 

a decrypting mechanism that is configured to decrypt the secure envelope 
using the private key of the financial institution; 

a comparing mechanism that is configured to compare the first hash with
the second hash;

wherein the decrypting mechanism is further configured to decrypt the
encrypted account number to recover the account number for the account
belonging to the consumer;

a first verifying mechanism that is configured to verify that the financial
transaction is valid for the account; and

an authorizing mechanism that is configured to authorize the financial
transaction.

22. The apparatus of claim 21, further comprising:

a second verifying mechanism that is configured to verify that the second
certificate was signed by the financial institution;

a determining mechanism that is configured to determine that the account
is valid; and

an ensuring mechanism that is configured to ensure that a transaction
amount is not greater than an authorized transaction amount.

23. The apparatus of claim 20, wherein the secure site available only to
the consumer is within the smart card.

24. The apparatus of claim 18, further comprising:

a second receiving mechanism at the merchant that is configured to receive
the first certificate; and

a second validating mechanism that is configured to validate that the first
certificate was signed by the recognized certificate authority.
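
The hash comparison of claims 4 and 5, as an added Go example that is not part of the patent text: the consumer seals a first hash and the encrypted account number to the financial institution's public key, and the institution releases the account blob only if the merchant's second hash matches. RSA-OAEP, SHA-256, the function names and the sample transaction strings are assumptions, since the claims name no algorithms; the second certificate is left out of the envelope and the encrypted account number is a constructed opaque blob.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// NewBankKey: the institution's key pair; its public half is the "second public key".
func NewBankKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// TxHash: the consumer's first hash and the merchant's second hash use the same function.
func TxHash(tx string) []byte {
	h := sha256.Sum256([]byte(tx))
	return h[:]
}

// Seal (claim 4): first hash plus the encrypted account number, encrypted to the bank.
func Seal(pub *rsa.PublicKey, tx string, encAcct []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(TxHash(tx), encAcct...), nil)
}

// Open (claim 5): decrypt, compare hashes in constant time, release the blob on match.
func Open(priv *rsa.PrivateKey, env, second []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env, nil)
	if err != nil || len(pt) < sha256.Size {
		return nil, fmt.Errorf("envelope rejected")
	}
	if subtle.ConstantTimeCompare(pt[:sha256.Size], second) != 1 {
		return nil, fmt.Errorf("hash mismatch")
	}
	return pt[sha256.Size:], nil
}

func main() {
	bank := NewBankKey()
	env, err := Seal(&bank.PublicKey, "order=1001;amount=25.00", []byte("constructed-opaque-blob"))
	_, same := Open(bank, env, TxHash("order=1001;amount=25.00"))
	_, altered := Open(bank, env, TxHash("order=1001;amount=250.00"))
	fmt.Println(err, same, altered) // <nil> <nil> hash mismatch
}
```

The merchant relays the envelope without being able to read it, and a merchant that submits a transaction different from the one the consumer hashed fails the comparison before the account number is ever recovered.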